Keep the Patient at the Center: My Full Week at IMSC26 (and Why Getting Ahead of IEC 60601-1, 4th Edition Is Really About People)

This was a week of learning I will not forget, and one that reminded me why I do this work. Strip away the standard numbers, the acronyms, the requirements, and the test reports, and the whole event came back to a core concept: keep the patient at the center and keep them safe. That is the thread I want to pull through this longer recap, the one that did not fit in a single LinkedIn post.

A quick note on format. On LinkedIn I kept this tight. Here on the blog I have room to go deeper, so this version adds more on the structure of 4th edition, more on how I think about the Conformity Evaluation Plan and File, and a closing section on what I am personally carrying back to the standards committees. If you only have two minutes, the LinkedIn version covers the highlights. If you want the real detail, you are in the right place.

Why I keep saying “get ahead of 4th edition”

Let me set the stage, because it is the backbone of almost everything I presented this week. IEC 60601-1, 4th edition is not a distant, someday concern. It is being actively drafted right now, fragment by fragment, across a set of working groups (broadly WG 37 through WG 48), and all of those fragments have already circulated Committee Drafts (CD1s, and some have done CD2s). The collateral standards many of us have treated as separate documents are being folded into the core of 60601-1. The structure is moving toward clearer, more “atomic” requirements, each one distinct and design-ready, with rationale attached and tighter alignment to the IMDRF Essential Principles. The scope is broadening to span lay users and professional users, home and EMS and professional environments, and patients of every age, human and animal.

Here is why that matters to you, not just to standards people like me. When this edition lands, the gap between a product designed against 3rd edition assumptions and one designed with 4th edition in mind will show up as redesign, retesting, and documentation rework. That is the expensive way to meet a standard. The inexpensive way is to read the direction of travel now and bake it into your design inputs, your risk management file, your labeling, and your test strategy while you still have design freedom. That is the whole argument in one breath: plan now, avoid the fire drills later.

It started Monday in Boxborough: TÜV Rheinland and IEC 60601-1, 4th Edition

The week kicked off in Boxborough, Massachusetts, with TÜV Rheinland North America’s first IEC 60601-1, 4th Edition seminar, held at their Northeast Technology and Innovation Center. I shared the stage with Caitlin Brady and Elizabeth Casey, and for the Q&A we pulled in two additional local experts from our Working Groups, Ashleigh McNaboe and Jenna Smolko-Jaser. Dr. Nicholas T. Kirkland kindly introduced me that morning and even worked my Star Trek podcast into the introduction, which set a warm and slightly playful tone for a deep technical day. You can listen to the podcast here.

That left me as the only man on the panel, standing alongside four exceptional women in STEM, and I could not have been prouder to be there. These are not token seats. On the standards committees I work with, women like these are among the strongest, most technically capable people in the room, the ones I lean on and learn from. Our field is finally heading in the right direction on this, and it needs to keep going. When I started more than 40 years ago, engineering and the technical fields were a hard place for women. It is better now, I see real progress even in my son’s college, though equity is still a work in progress. Panels and committees stacked with talent like this are how we close the gap, and being outnumbered by minds that sharp is an honor every single time.

If you could not join live, the recording and the slide deck are available here.

A deeper look at the CEF and CEP, and why “Bridge, not wait”

At IMSC26 I ran a 4-hour workshop, “Building and Using an IEC 60601 Conformity Evaluation File for Today and Tomorrow,” with a group of about 20. Without reproducing the workshop materials, here is the thinking, because it is useful even if you were not in the room.

The problem the CEF and CEP solve is fragmentation. Today, evidence tends to live in silos: test reports here, design reviews there, the risk management file somewhere else, the usability engineering file in its own world. Different formats, different levels of detail, and a reviewer at a test lab or Notified Body who has to hunt to piece it together. A Conformity Evaluation Plan flips that. You plan, up front, how each applicable requirement will be evaluated, then the Conformity Evaluation File becomes the executed plan with the evidence attached and traceable from requirement to hazard to test method to acceptance criteria to result. It is the difference between a complete file and a usable one, a distinction that came up in other sessions this week as well.

The line I kept coming back to was “Bridge, not wait.” 3rd edition does not require a formal CEP, but nothing stops you from adopting the mindset now. Teams that build this muscle today will transition into 4th edition smoothly, and they will hand reviewers a cleaner package in the meantime. If you want the practical version of this for your own projects, that is exactly the kind of thing I help clients set up, and the kind of thing I write about in the newsletter.

I also delivered a 45-minute session, “The Impact of IEC 60601-1, 4th Edition on RA/QA, Design, Document Control, Test, Supply Chain, and Management,” to a room of close to 100 with more online, and even a few of my own clients in the seats. The point of that talk was to take the drivers behind the next edition and trace them into the real work across functions, because a standard change is never just an engineering change. It ripples into your QMS procedures, your document control, your supplier and test planning, and your management reviews.

A quick note on why this is my lane: I co-convene IEC/TC 62/SC 62A/WG 39 (user interface for IEC 60601-1, 4th edition), am a member of IEC/TC 62/SC 62A/WG 37 (general requirements) and IEC/TC 62/SC 62A/AG 50 (the editing team leading the 4th edition of IEC 60601-1), serve as US co-chair of AAMI TAG 62D on electromedical equipment, and sit on ISO/TC 210/WG 2. A lot of what I shared comes straight from inside the rooms where this edition is being written.

It also meant a lot to hear Jean-Yves Pairet, Quality Assurance Director at CLEIO, write that the workshop “made a clear case for preparing for IEC 60601-1 4th edition now, rather than waiting four years for it to roll out,” and that he left “with a practical, immediately usable approach CLEIO can already apply to current projects.” Practical and immediately usable is exactly what I am going for.

The talks that stuck with me

Michelle Tarver, MD, PhD, Director of FDA’s CDRH, delivered a keynote that was simply outstanding, with patient safety running clearly through the entire keynote. She covered the Case for Quality programs (the Voluntary Improvement Program and the Achieving Quality Excellence Collaborative Community), the Accreditation Scheme for Conformity Assessment (ASCA), supply chain resilience including the very real PFAS challenge, and QMSR, now in effect and incorporating ISO 13485:2016. The common thread, and the reason it ties to my own message, is that every one of those rewards teams who prepare early instead of scrambling at a deadline.

James Pink gave a talk I, and many of us, will be thinking about for a long time: “When You Become the Patient: A Safety Professional on the Other Side of the Decision.” He laid out what the formal risk model does well (sets the safety assessment scope, identifies hazards and hazardous situations, defines controls and acceptable residual risk, supports surveillance and signal detection) and what lies outside its boundary: cross-device effects over time, the psychological burden between appointments, the cumulative impact of “acceptable” events, and the lived experience across encounters.

His concept of “bound risk” has stuck with me. The manufacturer owns the chain up to the device-level event, but the path from a hazardous situation to actual patient harm gets distributed to the health institutions that control the diagnostic and therapeutic pathway. His example: an MRI down in a radiology suite. Nobody is crushed or burned, the file says no harm, and meanwhile patients sit stalled on the diagnostic pathway with a clock ticking inside them. That is harm. It just is not the kind our current files capture. He also made the uncomfortable point that adverse events are among the weakest signals we will ever get, because the system often needs someone to be seriously injured before anyone investigates properly.

James and I have known each other for about five years and have worked through plenty of medical device and IEC 60601-1 questions together, so this one lands close to home. During the Q&A I told him I would be thrilled to have him speak to the IEC TC 62, SC 62A, and the 4th Edition IEC 60601-1 teams writing the standard. Here is why. We still do not focus enough on the patient. We focus on the engineering and the technology, and those matter, but technology and standards are only one piece of the puzzle. The patient pathway is just as critical, and arguably more. A device can pass every clause we write and still leave a patient stalled, anxious, and unsafe somewhere along their journey. The people writing the standards need to hear this clearly, and hearing it from someone directly impacted who also understands the risk management perspective drives the point home far better than I could on my own.

Susan Neadle presented on “Streamlined” Risk Management for Drug-Device Combination Products, touching on the draft Technical Specification ISO TS 24971-3 (guidance on applying ISO 14971 to combination products) and the integration path with AAMI TIR 105. The problem she names is one anyone working at the intersection of device, drug, and user knows in their bones: multiple frameworks (ISO 14971 for the device, ICH Q9(R1) for the drug) overlap, execution is siloed, and the result is inconsistent terminology, traceability gaps, and interaction risks that go under-assessed, especially the drug-device interactions and the way a user actually handles the combined system. Streamlined does not mean lighter. It means connected, consistent, and decision-driving. David Cronin of Cognition followed with a strong session on minimizing patient risk at the intersection of drug and device risks. Meeting David in person was a real highlight. He carries deep knowledge across medtech, pharma, and combination products, and he and Susan go way back, which showed in how naturally their two talks complemented each other.

A personal highlight: Susan and I were initially scheduled at the same time, and she asked Bijan to reschedule so she could watch my presentation. That kind of attention to detail from Bijan is part of what makes this conference special, and it honestly blew me away. I have had huge respect for Susan for many years as the combination products expert, and she knows me, as many do, as the IEC 60601 Guy. There is a lot of mutual respect in this conference and a huge amount of knowledge and decades of experience to tap into.

Friday panels: what do we really mean by “risk,” and how mature is it?

Friday brought panels, a new addition this year, and they delivered. One of the liveliest was “What Do We Really Mean by ‘Risk’? US vs EU Perspectives,” a genuinely useful debate about how the same word carries different weight on different sides of the Atlantic. It sounds academic until it shows up in your submission strategy and your acceptable-risk arguments.

Fubin Wu’s panel introduced his Risk Management Maturity Model (RM3), and I am very glad I sat through it. It is a first-principles effort to answer a question we rarely measure well: what does good, and great, risk management actually look like, and how do you grow toward it? The panel brought together FDA voices including co-chairs Keisha Thomas and Melissa Burns alongside industry core-team members. As Fubin puts it, RM3 pushes past “did we follow the process?” to a deeper question: “are we making decisions with confidence that fulfill the intent of the process to serve patients?” With QMSR now in force, that shift from better documentation to better decision-making is the real work.

AI, human factors, and more sessions worth your time

My associates at Prodct Studio, Christie Johnson and Devon C. Campbell, ran a fantastic Tuesday workshop, “The AI-Powered MedTech Professional.” They also know how to host. I may have “dragged” a few TÜV Rheinland friends to their Monday-night party. Great hosts, every time.

I did not catch all of Shannon Hoste’s usability sessions, and I wanted to. Her work asks a question our whole field needs to sit with: are human factors processes ready for AI in medical devices? The risks she maps (automation bias, loss of situational awareness, and function allocation between human and AI) are real use-related hazards, and the comfortable assumptions, like “the clinician will catch it,” do not hold up. Her two-part HFE workshop with Jonathan Kendler, on factoring human factors data into your risk file and safety case, is exactly the kind of practical, on-the-ground content I look for.

One session I did sit through and keep thinking about was Steve Gompertz and Jean Blom’s “Hidden Influences: How Risk Management Can Go Wrong.” It gave us a phrase worth posting in every quality department: “dysfunctional compliance,” where the process is followed precisely but the results still are not acceptable, because the focus drifts to how the work gets done instead of the value it is meant to produce. Risk management is done by humans, and the human factors of decision-making belong inside our risk process.

The fun version: standards are star maps

If you want the more playful version of the philosophy underneath all of this, enjoy The ⭕️ Podcast episode where I joined Faisal Kamal, “The Star Map to the Future.” The core idea: IEC 60601 is not a rulebook, it is a star map built from decades of engineering mistakes, test data, regulatory learning, and field experience. We even used the Star Trek tricorder as an analogy for the electronic devices now used in homes and EMS environments, the noisy, unpredictable, RF-filled spaces that 4th edition deliberately pushes us to design for. There is also a companion write-up, What’s NASA & Star Trek have to do with IEC 60601?

What I am carrying back to the committees

Conferences like this are not just about what you present, they are about what you take home to the work. Three things are coming back with me into the standards rooms. First, the patient pathway belongs in our thinking, not just the device-level event, and James Pink made that case better than anyone. Second, maturity matters more than compliance, and RM3 gives us a vocabulary for it. Third, the human side of risk, the biases and blind spots Gompertz and Blom mapped, deserves a seat at the table inside our risk process, not as an afterthought. If we hold those three together while we write 4th edition, we end up with a standard that protects real people in real environments, which is the entire point.

Resources to get ahead of IEC 60601-1, 4th Edition

If this left you wanting a head start, here is where I would point you first:

• IEC 60601, 4th Edition: What’s Changing and How to Prepare — my strategic-shifts overview and companion to the Easy Medical Device podcast episode.
• IEC 60601-1, 4th Edition Survival Guide: Why It Matters for MedTech
• IEC 60601-1, 4th Edition: Design Controls and QMS Impacts You Need to Know
• Get Your Reviewer’s Hat On: 4th Edition Draft Fragments Have Dropped
• From Engineer to “The IEC 60601 Guy” (Project Medtech Podcast)

The part that matters most

The theme of the whole week was patient safety and risk management, but the human side stuck with me just as much. I finally met people in person whom I have worked with for years, in some cases for decades. Voices and email signatures became handshakes and hugs. That never gets old. I had great conversations with Fubin Wu and David Bonnett on the risk maturity work, time with Susan Neadle, James Pink, David Cronin, Steve Gompertz, and Jean Blom, and real face time with Bijan Elahi himself. There were genuinely too many good people to name them all here, and that is a wonderful problem to have. A small backstory I am proud of: Caitlin Brady and Elizabeth Casey of TÜV Rheinland were at IMSC26 because I suggested they sponsor, and they grabbed the very last sponsor spot. Sometimes a nudge at the right moment is all it takes.

A heartfelt thank you to Bijan Elahi, Jamie D. Selby and the entire volunteer team, to my TÜV Rheinland North America colleagues, and to Christie Johnson, Devon C. Campbell, and the Prodct Studio crew. IMSC alternates between the US and Europe so attendees on both sides of the Atlantic get a fair shot, and IMSC27 heads to Europe, with Ireland, Belgium, and Portugal in serious consideration.

Onward. And if you are writing standards or developing products, keep the patient at the center.

Live long and prosper, and keep your patients safe, in every environment, be it on earth 🌎 or in space 🛰️, on every device. To infinity and beyond, we can design for patient safety, in all its forms, if we really set our minds to it, with such a dedicated set of great minds as this group. 🖖🚀

Schedule a call with Leo Learn more about our work

Leonard “Leo” Eisner · The IEC 60601 Guy · Eisner Safety Consultants